Date: Tue, 15 Dec 1992 13:13:39 EDT >From: Marc Rotenberg Subject: File 1-- CPSR and the Transition Over the last several years CPSR has worked extensively on access to government information, the Freedom of Information Act, computer security policy, and privacy protection. We have now sent the following recommendations to several transition team groups. (The "(b)(1) exemption" in the first recommendation refers to the national security exemption in the Freedom of Information Act.) We hope that the new administration will give our proposals full consideration. Marc Rotenberg, Director CPSR Washington Office rotenberg@washofc.cpsr.org ============================================= FROM--Marc Rotenberg, CPSR RE--Classification, Computer Security, Privacy CC--Policy Group, Justice Cluster DATE--December 10, 1992 Three issues that the Executive Order Project should address: 1) Rescind E.O. 12356 (1982 Reagan Order on classification) The Reagan Order on classification is the bane of the FOIA and science communities. It has led to enormous overclassification, frustrated government accountability, and skewed national priorities. It should be rescinded. A new E.O. should narrow the scope of classification authority. It should reduce the classification bureaucracy. And it should reflect the economic cost of classifying scientific and technical information, i.e. such information should be presumptively available. In the FOIA context, the new E.O. should also require agencies to identify "an ascertainable harm" before invoking the (b)(1) exemption. 2) Rescind NSD-42 (1991 Bush Directive on computer security authority) This directive undermined a fairly good 1987 law (the Computer Security Act) and transferred authority for computer security from the civilian sector to the intelligence community. It led to several bad decisions in the area of technical standard setting (e.g. network standards that facilitate surveillance rather than promoting security) and has made it more difficult to ensure agency accountability. It should be rescinded. The President could either leave the 1987 Act in place and issue no new E.O. or he could revise the E.O. consistent with the aims of the 1987 law, recognizing the recent problems with technical standard setting by the intelligence community. 3) Establish a task force on privacy protection The new administration should move quickly on the privacy front, particularly in the telecommunications arena. The United States currently lags behind Canada, Japan, and the EC on telecomm privacy policy. These policies are necessary for the development of new services and the protection of consumer interests. An Executive Order on privacy should include the following elements: (1) the creation of an intra-agency task force with public participation, (2) a report to the President within 180 days with legislative recommendations, (3) a procedure for ongoing review and coordination with Justice, Commerce, State, and OSTP. ------------------------------ Downloaded From P-80 International Information Systems 304-744-2253